<?php
/**
 * <https://y.st./>
 * Copyright © 2019 Alex Yst <mailto:copyright@y.st>
 * 
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 * 
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 * 
 * You should have received a copy of the GNU General Public License
 * along with this program. If not, see <https://www.gnu.org./licenses/>.
**/

$xhtml = array(
	'<{title}>' => 'I won a wristwatch',
	'takedown' => '2017-11-01',
	'<{body}>' => <<<END
<img src="/img/CC_BY-SA_4.0/y.st./weblog/2019/03/22.jpg" alt="A mobile device with a shattered screen" class="framed-centred-image" width="649" height="480"/>
<section id="walk">
	<h2>Walk home</h2>
	<p>
		As mentioned in my last entry, I didn&apos;t make it home last night.
		I was back in Springfield, but my bike had a flat.
	</p>
	<p>
		I had a general idea of where I was, but I was way off-course due to having escorted Larissa so her abusive boyfriend (well, hopefully <strong>*ex-boyfriend*</strong>, now) wouldn&apos;t try anything dangerous.
		I made a bit of an error when I plotted my new course as we split ways.
		I should have turned around and headed exactly back where we&apos;d come from.
		That would have been the shortest route back.
		Instead, I pressed ahead a little, then made a turn as soon as possible.
		In retrospect, something in me probably just wanted to get back to familiar ground as quickly as possible.
		The logical way to go was back, but pressing forward got me to certain landmarks that verified I was where I thought I was.
		Anyway, I didn&apos;t lose too much time this way, given that this week&apos;s going to be much less of a rush than recent weeks.
		I could afford to lose a little more time.
	</p>
	<p>
		On my new route, I spotted a car wash.
		Normally, I see it, but the place barely registers.
		It&apos;s not even a landmark for me; I don&apos;t remember it&apos;s there unless I&apos;m looking at it.
		But this time, I thought maybe they&apos;d have one of those coin-operated air pumps.
		As I drew near, I realised that quarters, the coins those things always take, are the one type of coin I never carry on me.
		I couldn&apos;t use the pump anyway.
		I leave my quarters at home for doing laundry with.
		Maybe they&apos;d have a change machine too though, so I went ahead and searched the place.
		However, they didn&apos;t have an air pump, so I just had to keep walking.
	</p>
	<p>
		My legs held up rather well.
		I&apos;m always impressed with them, as of late.
		All the biking I do has really paid off.
		I&apos;ve got so much leg endurance lately it&apos;s nuts.
		It was only once my complex was in sight that I noticed my feet were slightly tired, but even then, my legs weren&apos;t.
	</p>
</section>
<section id="lost">
	<h2>Lost mobile</h2>
	<p>
		I mentioned finding a dropped mobile late last night.
		I emailed the owner early this morning, not too far after midnight.
		When I got off work tonight though, I found they still hadn&apos;t responded.
		I&apos;m not even sure if they use that email account, it&apos;s just the one associated with the Google account that&apos;s associated with their device.
		I sent another email before I went to bed.
		I think I&apos;m going to send one every night.
		Eventually, when I have to try another way to reach them, I&apos;m going to insist they check their email and reply to prove the device is theirs.
		I mean, that&apos;ll be my excuse to them when I make them do that if they want it back.
		My real reason will be to hopefully get them to start paying attention to their email account though.
	</p>
</section>
<section id="drudgery">
	<h2>Drudgery</h2>
	<p>
		My discussion post for the day:
	</p>
	<blockquote>
		<h3>Improving latency</h3>
		<p>
			$a[DNS] traffic steering can be used to route around slow parts of the Internet at times <a href="https://dyn.com/blog/can-businesses-manage-and-avoid-internet-performance-issues-to-boost-their-enterprise-systems/">(Rapoza, 2017)</a>.
			If you&apos;ve got multiple servers up at different locations, and one of those locations becomes slow, you can steer users to another server through pointing your $a[DNS] records there instead.
		</p>
		<p>
			Real-user monitoring, discussed further below, can also be used to identify bottlenecks and help improve latency issues.
		</p>
		<p>
			Synthetic transaction monitoring and also help identify latency issues.
			It uses automated queries to check the performance of your website, though it can&apos;t predict what a real user would do <a href="https://smartbear.com/learn/performance-monitoring/what-is-real-user-monitoring/">(Huston, n.d.)</a>.
			In addition to the latency of your own servers, if you use third-party content on your website, you have to worry about the latency of those third-parties&apos; servers.
			Synthetic transaction monitoring can help you notice latency in third-party services faster too so you can contact those third parties and get the issues fixed faster <a href="https://www.monitis.com/blog/what-is-synthetic-transaction-monitoring-and-who-needs-it/">(Gasparyan, 2017)</a>.
		</p>
		<p>
			If your site is slow, get dedicated hosting <a href="https://stackify.com/web-application-problems/">(Julien, 2018)</a>.
			Shared hosting costs less, but it often comes wire reduced performance, too.
		</p>
		<p>
			Badly-written code, especially legacy code, can degrade performance <a href="https://stackify.com/web-application-problems/">(Julien, 2018)</a>.
			Make sure your programmers use best practices when writing new code.
			I&apos;d also recommend cleaning up the existing code, though the article doesn&apos;t specifically recommend that.
		</p>
		<p>
			Load-balancing is important.
			If most users are being directed to the same server, that server will run slowly while other servers may be underutilised <a href="https://stackify.com/web-application-problems/">(Julien, 2018)</a>.
			Make the most of your resources by using proper load balancing.
		</p>
		<p>
			Setting up an early warning system can alert you as your servers start to drawn near their visitor capacity <a href="https://stackify.com/web-application-problems/">(Julien, 2018)</a>.
			This will allow you to take measures such as temporarily adding more servers to deal with the increased load before it gets even worse and your users start to notice.
		</p>
		<p>
			Using less bandwidth can speed your website <a href="https://stackify.com/web-application-problems/">(Julien, 2018)</a>.
			The article recommends minifying your $a[CSS] and JavaScript, though the few saved bytes aren&apos;t worth the loss of readability, if you ask me.
			It also recommends server-side $a[HTTP] compression of files though, which is a more-effective option with no real drawbacks that I&apos;m aware of.
		</p>
		<h3>Improving security</h3>
		<p>
			This week&apos;s reading material&apos;s only advice on security was that $a[DNS] steering could be used to route around unsecure parts of the Internet <a href="https://dyn.com/blog/can-businesses-manage-and-avoid-internet-performance-issues-to-boost-their-enterprise-systems/">(Rapoza, 2017)</a>.
			However, if you have any idea how $a[DNS] works, you know it doesn&apos;t work that way.
			So we haven&apos;t actually seen any real security advice this week.
			Instead, I&apos;ll discuss things you can do to secure your internet-based content system management system based on my own thoughts.
		</p>
		<p>
			First, as I mentioned above, you can&apos;t exactly route the connection your customer&apos;s connection will make to the outer part of your system with $a[DNS].
			In fact, you can&apos;t route that part of the connection at all.
			The customer&apos;s end of the connection very likely will pass through unsecure parts of the Internet whether you want it to or not.
			Because of that, you need to take the necessary precautions: encrypt all traffic to and from your services.
			For example, for Web services, get a $a[TLS] certificate and redirect all <code>http:</code> connections to <code>https:</code>.
		</p>
		<p>
			Always hash and salt your passwords.
			Passwords should <strong>*never*</strong> be stored in a way in which they can be retrieved if your system gets cracked.
			Even if you encrypt your passwords, if your system gets compromised, the attacker might take not only the password database, but also the encryption key used to protect it.
			Encryption isn&apos;t enough.
			You need to irreversibly hash passwords.
			Even hashed passwords can be easy to decipher with a large enough rainbow table.
			Salting your hashed passwords makes rainbow tables virtually useless though, further protecting your users.
		</p>
		<p>
			Sanitise your input.
			You don&apos;t want users - intentionally or accidentally - injecting things where they don&apos;t belong.
			All sorts of security issues can result.
		</p>
		<h3>Improving data availability</h3>
		<p>
			Like with improving latency, $a[DNS] traffic steering can improve data availability <a href="https://dyn.com/blog/can-businesses-manage-and-avoid-internet-performance-issues-to-boost-their-enterprise-systems/">(Rapoza, 2017)</a>.
			If you&apos;ve got multiple servers and one goes down, you can steer users to another server instead.
		</p>
		<p>
			Real-user monitoring can be used to tell what customers are having trouble accessing <a href="https://smartbear.com/learn/performance-monitoring/what-is-real-user-monitoring/">(Huston, n.d.)</a>, so improvements can be made and accessibility be restored.
			Just be careful in implementing this and careful in understanding what the data gathered means.
			For example, if you build your main real-user monitoring to require JavaScript as the article suggests, you need to remember that the data it provides won&apos;t show you information on users that don&apos;t use JavaScript, and thus doesn&apos;t help you find certain types of accessibility issues, such as poorly-built pages that don&apos;t function when JavaScript is disabled.
		</p>
		<p>
			Again, synthetic transaction monitoring can be a help here.
			It can&apos;t tell if complex input streams will result in the user finding what they&apos;re after, but it can check to see if your pages are still available to the public even when your monitoring team has gone to bed.
			You can use that information to improve future uptime.
			In addition to the availability of your own servers, if you use third-party content on your website, you have to worry about the availability of those third-parties&apos; servers.
			Synthetic transaction monitoring can help you notice availability issues in third-party services faster so you can contact those third parties and get the issues fixed faster <a href="https://www.monitis.com/blog/what-is-synthetic-transaction-monitoring-and-who-needs-it/">(Gasparyan, 2017)</a>.
		</p>
		<p>
			Faulty $a[DNS] records can prevent user from reaching your site, due to their Web browsers looking in the wrong location.
			Supposedly, $a[DNS] monitoring can alert you to such problems <a href="https://stackify.com/web-application-problems/">(Julien, 2018)</a>.
			I&apos;m unclear on how that works though.
			$a[DNS] records don&apos;t suddenly change.
			They change when you deliberately change them.
			If your $a[IP] address changes, you&apos;ll need to update your $a[DNS] records, but if you remember to update your $a[DNS]-monitoring system to check for the new, correct records, you&apos;ll remember to update your $a[DNS] records at the same time.
			In fact, you&apos;ll probably update the $a[DNS] records <strong>*before*</strong> the monitoring system.
		</p>
		<p>
			Duplicate <code>&lt;title/&gt;</code> tags within your website can make it harder for your users to find you in search results <a href="https://stackify.com/web-application-problems/">(Julien, 2018)</a>.
			Some search engines assume your pages are duplicates if they have the same titles, so they won&apos;t index the perceived duplicates.
		</p>
		<h3>Improving performance during migration</h3>
		<p>
			Our reading material didn&apos;t discuss improving performance during data migration at all.
			So I&apos;ll cover some of my own tips.
		</p>
		<p>
			First, redundancy.
			Duplicate everything you can to the new server without shutting down the old server.
			Then switch the $a[DNS] over.
			Leave the old server up though, while $a[DNS] &quot;propagates&quot;.
			Once it&apos;s safe to shut down the new server, do it.
			Don&apos;t be hasty though and shut it down too soon.
			You&apos;re going to need to wait as long as your $a[DNS] $a[TTL] parameter is set.
		</p>
		<p>
			Databases pose an issue to this though.
			If two versions of your service are up at once, with different people seeing each due to which version of the $a[DNS] record they have, each will have it&apos;s own view of the database if they each have their own copy of the database.
			So don&apos;t give them different copies of the database.
			Have one instance access the other instance&apos;s database remotely.
		</p>
		<p>
			The database is going to need to be transferred, either before or after the $a[DNS] had updated.
			Having the database update while being copied would be bad, as some changes might not get copied and would therefore be lost.
			In other words, some down time is still needed in order to copy the database over.
			This is preferable to trying to copy while the database is running and risking lost data though.
			Get your database copied over as quickly as you can, then get your service back up and running using the new database instance instead of the old.
		</p>
		<p>
			Instead of having two website instances that share a database, you could even have one website instance and a proxy that routes to that instance, simplifying the set-up a bit.
		</p>
		<div class="APA_references">
			<h3>References:</h3>
			<p>
				Rapoza, J. (2017, August 30). <a href="https://dyn.com/blog/can-businesses-manage-and-avoid-internet-performance-issues-to-boost-their-enterprise-systems/">Can businesses manage &amp; avoid Internet performance issues to boost their enterprise systems? Oracle DYN</a>. Retrieved from <code>https://dyn.com/blog/can-businesses-manage-and-avoid-internet-performance-issues-to-boost-their-enterprise-systems/</code>
			</p>
			<p>
				Huston, Ti. (n.d.). <a href="https://smartbear.com/learn/performance-monitoring/what-is-real-user-monitoring/">What is real-user monitoring? Smartbear</a>. Retrieved from <code>https://smartbear.com/learn/performance-monitoring/what-is-real-user-monitoring/</code>
			</p>
			<p>
				Julien, J. (2018, April 26). <a href="https://stackify.com/web-application-problems/">Web application performance: 7 common problems and how to solve them. Stackify</a>. Retrieved from <code>https://stackify.com/web-application-problems/</code>
			</p>
			<p>
				Gasparyan, A. (2017, August 11). <a href="https://www.monitis.com/blog/what-is-synthetic-transaction-monitoring-and-who-needs-it/">What is synthetic transaction monitoring (and who needs it?). monitis</a>. Retrieved from <code>https://www.monitis.com/blog/what-is-synthetic-transaction-monitoring-and-who-needs-it/</code>
			</p>
		</div>
	</blockquote>
</section>
<section id="wristwatch">
	<h2>Wristwatch</h2>
	<p>
		I checked the mail as I was headed out to work, and it seems I&apos;ve won a wristwatch.
		It&apos;s probably not a <strong>*great*</strong> wristwatch, but claiming it&apos;s a good excuse for a long bike ride.
		I can&apos;t pick it up tomorrow or the next day, as I have a meeting with the missionaries and then church.
		I might find the time on Monday though.
	</p>
</section>
END
);
